Commit Graph

2266 Commits

Author SHA1 Message Date
github-actions[bot] 91bf7619dc
New Crowdin translations by GitHub Action (#11675)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-08 21:46:56 +10:00
Oliver 343f0975b6
Export fix (#11693)
* Fix for ManufacturerPartList

- Support data export via API

* Add playwright tests

* Bump API version
2026-04-08 19:16:31 +10:00
Oliver 360beeaf52
Table icon fix (#11694) 2026-04-08 19:16:10 +10:00
dependabot[bot] fea08653c0
chore(deps): bump the dependencies group across 1 directory with 9 updates (#11671)
* chore(deps): bump the dependencies group across 1 directory with 9 updates

Bumps the dependencies group with 9 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.2.0` | `25.3.0` |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.76` | `1.42.77` |
| [botocore](https://github.com/boto/botocore) | `1.42.76` | `1.42.77` |
| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.73.0` | `1.73.1` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.0` | `1.2.1` |



Updates `gunicorn` from 25.2.0 to 25.3.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/25.2.0...25.3.0)

Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `boto3` from 1.42.76 to 1.42.77
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.76...1.42.77)

Updates `botocore` from 1.42.76 to 1.42.77
- [Commits](https://github.com/boto/botocore/compare/1.42.76...1.42.77)

Updates `googleapis-common-protos` from 1.73.0 to 1.73.1
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.73.0...googleapis-common-protos-v1.73.1)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `python-discovery` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.2.0...1.2.1)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.77
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.77
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: googleapis-common-protos
  dependency-version: 1.73.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-04-08 17:28:59 +10:00
Oliver 71373e3c19
Order line number (#11692)
* Add "line number" field for external orders

* Updated serializers

* Add columns to UI tables

* Update form fields

* Adds API ordering

* Bump API version

* Update CHANGELOG.md
2026-04-08 15:36:08 +10:00
Oliver 4d2ed8fcba
Update parameter report helper (#11690)
* Update parameter report helper

- Fallback to case insensitive lookup

* Add default value in case parameter is not found

* Add new report helper func
2026-04-08 14:14:44 +10:00
Oliver 2753a437cc
Fix spelling error in api_version.py (#11689) 2026-04-08 09:24:42 +10:00
Oliver 76b5cfcca2
Merge commit from fork
* Ensure the MeUserSerializer correctly marks fields as read-only

* Bump API version

* Add unit tests for the "me" endpoint

* Additional unit tests

* Add OPTIONS test
2026-04-08 08:19:39 +10:00
Nozomu Sasaki (Paul) 427a323914
Merge commit from fork
* fix(security): use SandboxedEnvironment for PART_NAME_FORMAT rendering

- Switch jinja2.Environment to jinja2.sandbox.SandboxedEnvironment in
  part/helpers.py to prevent SSTI via template tags in PART_NAME_FORMAT.
- Set pk=1 on the dummy Part instance in the validator to ensure
  conditional expressions like {% if part.pk %} are properly evaluated
  during validation, closing the sandbox bypass vector.

Fixes GHSA-84jh-x777-8pqq

* Style fixes

---------

Co-authored-by: Paul <morimori-dev@github.com>
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2026-04-08 08:17:36 +10:00
Oliver b8ec300fbf
Merge commit from fork
* Add note to plugin docs.

* Adjust logic for PluginListTable

* Add superuser scope to PluginInstall API endpoint

* Update unit test for API endpoint

* Explicitly set PLUGINS_INSTALL_DISABLED if PLUGINS_ENABLED = False

* Check for superuser permission in installer.py

* Additional user checks

* Sanitize package name to protect against OS command injection
2026-04-08 08:16:07 +10:00
Matthias Mair 9c0cb34106
Merge commit from fork
* fix behaviour

* style fixes

---------

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2026-04-08 08:13:39 +10:00
Oliver 68031d504f
Merge commit from fork
* Fix SSRF in remote image download

Add IP address validation to prevent Server-Side Request Forgery
when downloading images from remote URLs. The resolved IP is now
checked against private, loopback, link-local, and reserved ranges
before connecting.

Redirects are followed manually (up to 5 hops) with SSRF validation
at each step, preventing redirect-based bypass of URL format checks.

* Style fix

---------

Co-authored-by: tikket1 <chrisveres1@gmail.com>
2026-04-08 08:11:18 +10:00
Oliver 437dddc75f
[UI] Import context (#11685)
* Refactor ImporterDrawer

- Use a single, globally accessible object
- Provide global state management

* Expose global importer state to the plugin interface

* Improve registration of data import serializers

* Update frontend version / docs

* Bump API version
2026-04-08 06:01:00 +10:00
Matthias Mair e91f306245
feat(frontend): improve comms around danger of staff users (#11659)
* docs: add more details around staff / superuser roles and their dangers

* make clear that staff users are dangerous

* make distinction clearer in API

* add error code and frontend warning about running with staff / admin user

* fix test

* bump api

* adapt banner warning

* make banner locally disableable

* add global option to disable elevated user alert
2026-04-05 22:51:46 +10:00
github-actions[bot] d358001827
New Crowdin translations by GitHub Action (#11662)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-05 12:08:50 +10:00
Oliver a721a0fe35
Add documentation on background worker configuration options (#11673) 2026-04-04 12:41:55 +11:00
Oliver 3a1e860789
Storage fixes (#11672)
* Use storage class rather than manually constructing URL

* Fix for report helpers
2026-04-04 11:49:21 +11:00
Oliver bb3293ef31
Updates to part revision support (#11670)
* Update revision validation

* Refactor UI display

* Fix for usePartFields

* Rearrange part settings

* Better visuals

* Update docs

* use 'full_name' field

* Update playwright tests

* Adjust unit test

* Fix playwright tests
2026-04-04 00:10:25 +11:00
dependabot[bot] 884b0aa966
chore(deps): bump the dependencies group across 1 directory with 20 updates (#11661)
* chore(deps): bump the dependencies group across 1 directory with 20 updates

Bumps the dependencies group with 20 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed) | `1.33.0` | `1.34.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.72` | `1.42.76` |
| [botocore](https://github.com/boto/botocore) | `1.42.72` | `1.42.76` |
| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.17.0` | `3.17.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.2.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [redis](https://github.com/redis/redis-py) | `7.3.0` | `7.4.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.55.0` | `2.56.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [build](https://github.com/pypa/build) | `1.4.0` | `1.4.2` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |
| [django-silk](https://github.com/jazzband/django-silk) | `5.4.3` | `5.5.0` |
| [django-stubs](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.0` | `3.25.2` |
| [identify](https://github.com/pre-commit/identify) | `2.6.17` | `2.6.18` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.1.0` | `1.2.0` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.2.0` |



Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `blessed` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/compare/1.33...1.34)

Updates `boto3` from 1.42.72 to 1.42.76
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.72...1.42.76)

Updates `botocore` from 1.42.72 to 1.42.76
- [Commits](https://github.com/boto/botocore/compare/1.42.72...1.42.76)

Updates `djangorestframework` from 3.17.0 to 3.17.1
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1)

Updates `gunicorn` from 25.1.0 to 25.2.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/25.1.0...25.2.0)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `redis` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.3.0...v7.4.0)

Updates `sentry-sdk` from 2.55.0 to 2.56.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.55.0...2.56.0)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `build` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.4.0...1.4.2)

Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.4...7.13.5)

Updates `django-silk` from 5.4.3 to 5.5.0
- [Release notes](https://github.com/jazzband/django-silk/releases)
- [Changelog](https://github.com/jazzband/django-silk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/django-silk/compare/5.4.3...5.5.0)

Updates `django-stubs` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `django-stubs-ext` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `filelock` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/py-filelock/compare/3.25.0...3.25.2)

Updates `identify` from 2.6.17 to 2.6.18
- [Commits](https://github.com/pre-commit/identify/compare/v2.6.17...v2.6.18)

Updates `python-discovery` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.1.0...1.2.0)

Updates `virtualenv` from 21.1.0 to 21.2.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: djangorestframework
  dependency-version: 3.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: gunicorn
  dependency-version: 25.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-silk
  dependency-version: 5.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-stubs
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-stubs-ext
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: filelock
  dependency-version: 3.25.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: identify
  dependency-version: 2.6.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: virtualenv
  dependency-version: 21.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* more fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-03 14:16:39 +11:00
dependabot[bot] 2eb675ae9e
chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs (#11637)
* chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs

Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](https://github.com/pygments/pygments/compare/2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* bump rest of deps

* fix pygments

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-03 14:16:25 +11:00
Matthias Mair 45de695d4f
feat(backend): add request id (#11666)
helpful for https://github.com/inventree/InvenTree/issues/9996
2026-04-03 14:07:27 +11:00
Oliver 5c55f4f4c0
Migrate plugin tables (#11648)
* Prevent creation of PluginConfig during migrations

* Refactor data import process

- Split into multiple separate steps

* Load plugins during data load / dump

- Required, otherwise we cannot dump the data

* Refactor export_records

- Use temporary file
- Cleanup docstring

* Force apps check on second validation step

* Improve import sequencing

* Update CI script

* Update migration docs

* CI pipeline for running import/export test

* Fix workflow naming

* Fix env vars

* Add placeholder script

* Fix matrix env vars

* Fix missing env var

* Install required packages

* Fix typo

* Tweak tasks.py

* Install dummy plugin as part of the

* Updated CI workflow

* Validate exported data

* Additional CI process

* Log mandatory plugins to INFO

* Force global setting

* Refactor CI pipeline

* Tweak file test

* Workflow updates

* Enable auto-update

* Test if import/export test should run

* Trigger if tasks.py changes
2026-04-02 21:26:34 +11:00
github-actions[bot] 9aa2308f52
New Crowdin translations by GitHub Action (#11623)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-02 16:56:15 +11:00
Matthias Mair 5d1cbf4e9a
refactor(backend): replace bleach with nh3 and bump weasy (#11655)
* Replace bleach with nh3 for HTML sanitization

Agent-Logs-Url: https://github.com/matmair/InvenTree/sessions/913a447a-5efa-4fa3-b8b1-6af5feaa24f0

Co-authored-by: matmair <66015116+matmair@users.noreply.github.com>

* reduce diff

* bump weasy

* fix name

* remove old textual refs

* move defaults

* add some comments

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-04-02 15:35:15 +11:00
Matthias Mair 07a0bd2e24
remove duplicate requirements (#11654) 2026-04-02 10:46:41 +11:00
Oliver c8bcb924ca
Reduce load on background worker (#11651)
* Do not save setting with identical value

* Prevent task duplication

* Logic fixes

* Add unit test for task de-duplication

* Updated unit test
2026-04-01 17:42:48 +11:00
Oliver c89b0b7131
Memoize parameters for useInstance (#11652) 2026-04-01 17:06:38 +11:00
Oliver 080edc870f
Better ordering for plugin settings (#11646)
* Better ordering for plugin settings

- Followup to https://github.com/inventree/InvenTree/pull/11643
- Use order as provided by plugin

* Bug fix
2026-04-01 16:18:55 +11:00
Oliver 6243aec9b7
Shipment parameters (#11641)
* Add 'parameter' support for SalesOrderShipment model

* Add "parameters" tab for shipment view

* Playwright test

* Update CHANGELOG

* Update API version

* Install gettext

* Try yaml format

* Revert "Try yaml format"

This reverts commit 394a5551c8.

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-01 10:31:49 +11:00
Matthias Mair 1f01229d30
fix(backend): API description ordering more deterministic (#11649)
* fix(backend): API description ordering more deterministic

* bump API

* Update API version history in api_version.py
2026-04-01 08:54:44 +11:00
Oliver 5f3e9a0652
Enforce deterministic ordering for plugin settings (#11643)
* Enforce deterministic ordering for plugin settings

* Fix typo
2026-03-31 20:45:25 +11:00
Oliver 092c43b49a
Update "date" field for StockItemTestResult (#11586)
* Update "date" field for StockItemTestResult

- Allow editing of date (via admin)

* Mark 'date' and 'user' as read-only unless importing

* Revert API field name

* Fix default value

* Fix migration

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-31 07:13:12 +11:00
Oliver 4c0a3c5545
Add copy function to more columns (#11635) 2026-03-31 00:22:28 +11:00
Oliver 77744aeeac
Enhancements for recort import/export (#11630)
* Add management command to list installed apps

* Add metadata to exported data file

* Validate metadata for imported file

* Update CHANGELOG.md

* Update docs

* Use internal codes

* Refactor and add more metadata

* Adjust github action workflow

* Run with --force option to setup demo dataset
2026-03-31 00:18:48 +11:00
Oliver 67d6026637
Remove duplicate entries in the API version list (#11629) 2026-03-30 19:58:57 +11:00
Oliver dab4319033
Receive virtual parts (#11627)
* Handle receive of virtual parts

- Update line item quantity
- Do not add any stock

* Add unit test

* Additional unit test

* UI form improvements

* Add playwright test

* Updated playwright tests
2026-03-30 19:10:56 +11:00
dependabot[bot] b4f230753f
chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /src/backend (#11619)
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /src/backend

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-30 09:24:07 +11:00
Oliver 2c7b2d27f9
Badge fix (#11624)
* Fix "in production" badge

- Use the total scheduled build quantity

* Add "Allocated" badge

* Tweak playwright tests
2026-03-30 08:38:53 +11:00
Oliver 79aa824c14
Keep allocation forms open (#11621)
- Following https://github.com/inventree/InvenTree/pull/11074
- Option to keep allocation forms open
2026-03-29 17:49:46 +11:00
github-actions[bot] b4ab985e1e
New Crowdin translations by GitHub Action (#11593)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-29 17:49:33 +11:00
Oliver 571b46c9ff
Fix order of hooks for stabilizing table columns (#11482)
* Fix order of hooks for stabilizing table columns

Ref: https://github.com/icflorescu/mantine-datatable/issues/759

* Reset column ordering and widths when the component is mounted

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-29 15:21:53 +11:00
Jan Krajdl 9cd0b520c2
Added keep open boolean field to Stock Location modal form (#11074)
* Added keep open boolean field to Stock Location modal form

* Rewrite keep form open field feature to avoid calling methods in form field definitions

* Rewrite keep form open feature as common form property

* Removed unused artefact from previous implementation

* keepOpenOption removed as default option for all create forms. Instead it's enabled on selected forms.

* keepOpenOption field speed improvement

- using useRef instead of useState
- keepOpenSwitch moved to own component

* Added keep form open feature to changelog

* Updated documentation: keep form open feature added to concepts/user_interface docs

* Added test case for "keep form open" feature

* Changed switch selector in keep form open feature test

---------

Co-authored-by: spm <jan.krajdl@cecolo.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-29 15:09:47 +11:00
Matthias Mair e3c9a35bae
feat(backend): add inventree version to every response (#11611)
* feat(backend): add inventree version to every response

* add more info
2026-03-29 14:27:05 +11:00
HuaYangTian 7614973a04
fix(frontend): complete zh-Hans UI localization (#11612)
* fix(frontend): complete zh-Hans localization

* fix(frontend): address i18n review feedback
2026-03-29 14:25:27 +11:00
dependabot[bot] 100555c9db
chore(deps): bump pypdf from 6.9.1 to 6.9.2 in /src/backend (#11608)
* chore(deps): bump pypdf from 6.9.1 to 6.9.2 in /src/backend

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* add playwright test

* Revert "add playwright test"

This reverts commit f0c661d6eb.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-27 07:29:54 +11:00
dependabot[bot] d2e8c75de4
chore(deps): bump requests from 2.32.5 to 2.33.0 in /src/backend (#11609)
* chore(deps): bump requests from 2.32.5 to 2.33.0 in /src/backend

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* style fix

* reduce diff

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-27 07:29:32 +11:00
Matthias Mair 8b67fe5e99
fix(frontend): Template Editor Rendering Issues (#11601)
* fix order

* general bump

* allign @codemirror

* fix style

* add playwright test

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-03-27 07:29:03 +11:00
dependabot[bot] 7e18555a6b
chore(deps): bump yaml from 1.10.2 to 1.10.3 in /src/frontend (#11607)
Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-26 11:59:40 +11:00
Oliver a1ec46a6b8
isGeneratingSchema fix (#11606)
- Ignore sqlflush command
2026-03-25 01:09:00 +11:00
Oliver 8ec61aca0a
Update DataExport functionality (#11604)
* Update DataExport functionality

- Chunk queryset into memory

* Allow larger number of queries for chunked database fetching

* Handle possible exception in unit testing
2026-03-25 00:35:08 +11:00
Oliver b98fc9c7a0
Restrict queryset for DataImportSession (#11602)
* Restrict queryset for DataImportSession

- Only allow non-staff users to see their own sessions

* Add unit test

* raise PermissionDenied if no user info available
2026-03-24 23:28:58 +11:00
Miklós Márton 4865a2b2a0
Remove unnecessary semicolon passed to FontFace constructor (#11603)
Fixes #11583
2026-03-24 22:15:44 +11:00
Matthias Mair ae593bd7c4
chore(backend): full backend/image bump (#11571)
* full bump

* bump base image

* update comment

* fix ty errors

* lower allauth
2026-03-23 21:46:45 +11:00
Miklós Márton 7100569e45
Support image upload from clipboard (#11577)
* Support image upload from clipboard

* Suffix the image upload dialog message with the clipboard paste capability
2026-03-23 21:45:36 +11:00
Oliver 1e0a0aa79d
Add option to "asset" tag to control error raising (#11591) 2026-03-22 17:15:14 +11:00
github-actions[bot] 0feba9fbfb
New Crowdin translations by GitHub Action (#11498)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-22 13:31:14 +11:00
Oliver 8e289a3208
[API] Category star fix (#11588)
* [API] Bug fix for PartStar and PartCategoryStar

- Logic refactor and fixes

* Add playwright tests

* Remove debug statements

* Revert API string changes
2026-03-21 23:47:11 +11:00
Bradley Zylstra cf619b4184
[Bug] Import-records fix when importing from older InvenTree+Postgres version (#10862)
* Fixed issue where importing data from older versions of InvenTree+Postgres would fail

* Update tasks.py

Changed .startswith to exact matching for users.userprofile.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update tasks.py

Added validation checks to user primary key pairing dict.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Reverted tasks.py, disabled signals in user model when importing data

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-21 22:46:03 +11:00
Oliver 3a3816307e
Make WAL mode configurable for sqlite (#11585) 2026-03-21 19:46:22 +11:00
Oliver 6d8606bbe4
Refactoring for report helper functions (#11579)
* Refactoring for media file report helper functions

* Updated unit tests

* Improved error handling

* Generic path return for asset

* Fix return type annotations

* Fix existing test

* Tweaked unit test

* Collect static files in CI

* Run static step for all DB tests

* Update action.yaml

* Fix for action.yaml

* Updated unit tests
2026-03-21 17:38:41 +11:00
Oliver 5adf33d354
Improvements for get_bulk_queryset (#11581)
* Improvements for get_bulk_queryset

- Limit scope to base view queryset
- Remove ability to provide arbitrary filters
- Remove feedback if zero items are found

* Adjust unit test

* Remove filter test

* Update CHANGELOG.md
2026-03-21 17:17:35 +11:00
Oliver c5bf915d10
Adjust DataOutput API endpoint (#11580)
* DataOutput API fix

- Prevent non-staff users from accessing unrelated DataOutput instances

* Add unit tests
2026-03-21 15:14:59 +11:00
Oliver 5f9972e75e
[plugin] Cache busting for plugin static files (#11565)
* Add helper to check the existence of a static file

* Log error if plugin static file does not exist

* Support cache busting for plugin files

* Use Pathlib instead

* Improve generic URL resolution

* Add unit test
2026-03-20 15:42:15 +11:00
Oliver fc730b9af7
Save user info (#11572)
* Record user info when creating stock item

* Add unit test

* Add playwright test
2026-03-20 15:41:44 +11:00
Oliver 8c2592b3c2
Fix parent field for StockItemSerializer (#11573)
* Fix parent field for StockItemSerializer

- Closes https://github.com/inventree/InvenTree/issues/11507

* Bump API version
2026-03-20 15:41:35 +11:00
dependabot[bot] a64b15af76
chore(deps): bump pypdf from 6.8.0 to 6.9.1 in /src/backend (#11556)
* chore(deps): bump pypdf from 6.8.0 to 6.9.1 in /src/backend

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.8.0 to 6.9.1.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.1)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-20 10:39:10 +11:00
Oliver 7f0610502d
Build line fix (#11566)
* Fix for RenderBuildLine

* Simple playwright test
2026-03-20 08:51:21 +11:00
Matthias Mair 9c993d1c22
bump drf (#11559) 2026-03-20 07:18:27 +11:00
Oliver ef2f05a418
[API] Bug fix for PartCategory cascade filter (#11562)
* Bug fix for PartCategory cascade filter

* Additional unit test
2026-03-19 23:40:44 +11:00
Oliver 4599edd375
[UI Update image fix (#11557)
* Improve thumbnail selector

- Center image
- Better descriptive text

* Updated playwrigth testing
2026-03-19 16:56:13 +11:00
Matthias Mair 16103379c9
chore(backend): Bump ty (#11537)
* bump ty - there is better django support now

* more fixes

* fix usage of types

* add missing type

* fix access

* ensure itteration is safe

* fix uncombat decimal usage

* ?potential breaking: change access key

* remove now obsolete igtnore

* ignore errors on StdImageField

* remove usage of unkonw parameter

* fix diff error

* fix schema creation

* fix coverage quirk

* those are unneeded now?

* this seem to have been an issue with 3.12; not occuring on 3.14

* ignore pydantiics

* ignore edge cases for now

* include isGenerating fix

* make typing python 3.11 compatible

* fix more errors
2026-03-18 18:25:50 +11:00
Oliver 865ec47a3b
Fix error generation on failed background task (#11552)
* Fix error generation on failed background task

* Tweak unit test
2026-03-18 18:23:47 +11:00
nino-tan-smartee 468f0f9c3b
fix(plugin): use app_name instead of plugin_path when deregistering models (#11536)
* fix(plugin): use app_name instead of plugin_path when deregistering models

_deactivate_mixin uses plugin_path (the full dotted module path) as the
key into Django's apps.all_models when removing plugin models during
reload. However, Django registers models under the app_label (the short
app_name), not the full plugin_path.

For plugins with nested module paths (e.g. "myplugin.myplugin"),
plugin_path != app_name. Since apps.all_models is a defaultdict, looking
up plugin_path silently creates an empty OrderedDict, then .pop(model)
raises KeyError because the model was never in that dict — it was
registered under app_name.

This causes recurring KeyError crashes every plugin reload cycle
(~1 minute) for any external plugin with a nested package structure.

The fix:
- Use app_name (already computed at line 98) instead of plugin_path
- Add default None to .pop() for defensive safety
- Consistent with line 123 which already correctly uses app_name

* test(plugin): add unit test for nested plugin path model deregistration

Ensures _deactivate_mixin uses app_name (last path component) instead
of the full plugin_path when looking up models in apps.all_models,
preventing KeyError for external plugins with nested module structures.

* style: fix ruff format for context manager parenthesization
2026-03-18 13:45:40 +11:00
Oliver 488bd5f923
Fix complete_sales_order_shipment task (#11525)
* Fix complete_sales_order_shipment task

- Perform allocation *before* marking shipment as complete
- Ensure task is not marked as complete before it is actually done

* Add unit test

* Provide task status tracking for shipment completion

* Add integration testing

* Address unit test issues

* Bump API version

* Enhance playwright test
2026-03-18 08:05:16 +11:00
Oliver b10fd949d3
Remove error handling for complete_build_allocations task (#11551)
- We *want* this to fail, and run again
- It is handled by the background task manager
2026-03-18 07:07:25 +11:00
Oliver 756c0be0b5
[db] Backend setting improvements (#11500)
* Refactor database engine options

- Move to setting/db_backend.py
- Cleanup settings.py

* Fix documentation for postgres settings

* docs updates

* Add transaction_mode options for sqlite

* Update CHANGELOG with breaking changes

* Remove hard-coded database config

* Raise error on invalid backend

* Fix typos

* Fix broken redis link

* Limit to single worker thread for sqlite

* Update docs

* Add verbosity switch to dev.test task

* Add test timeout - kill hanging tests after 120s

* Set WAL mode for sqlite

* Use IMMEDIATE mode for background worker thread

* Use config to set WAL rather than custom hook

* Tweak pyproject settings

* Tweak code

* Increase timeouts

* Reset requirements to master
2026-03-18 00:01:17 +11:00
Matthias Mair ab116309b3
chore(backend): fix isGenerating detection (#11548) 2026-03-18 00:00:33 +11:00
Oliver 84cd81d9a8
Build consume fix (#11529)
* Add new build task

* Refactor background task for consuming build stock

- Run as a single task
- Improve query efficiency

* Refactor consuming stock against build via API

- Return task_id for monitoring
- Keep frontend updated

* Task tracking for auto-allocation

* Add e2e integration tests:

- Auto-allocate stock
- Consume stock

* Bump API version

* Playwright test fixes

* Adjust unit tests

* Robustify unit test

* Widen test scope

* Adjust playwright test

* Loosen test requirements again

* idk, another change :|

* Robustify test
2026-03-17 20:51:12 +11:00
Matthias Mair 97aec82d33
bump PyJWT (#11532)
fixes https://github.com/inventree/InvenTree/security/dependabot/386
2026-03-15 22:03:45 +11:00
Oliver 609a3f4a36
[UI] Library fix (#11530)
* Ensure "lib" is built as part of CI

* Fix useMonitorBackgroundTask hook
2026-03-15 15:37:56 +11:00
Oliver 6830ba5efe
[API] Monitor task (#11527)
* Enhance docstring

* Return the ID of an offloaded task

* Add API endpoint for background task detail

* Add UI hook for monitoring background task  progress

* Handle queued tasks (not yet started)

* Improve UX

* Update frontend lib version

* Bump API version

* Fix notification

* Simplify UI interface

* Implement internal hook

* Fix API path sequence

* Add unit tests for task detail endpoint

* Refactor code into reusable model

* Explicit operation_id for API endpoints

* Further refactoring

* Use 200 response code

- axios does not like 202, simplify it

* Return task response for validation of part BOM

* Fix schema

* Cleanup

* Run background worker during playwright tests

- For full e2e integration testing

* Improve hooks and unit testing

* Rename custom hooks to meet react naming requirements
2026-03-15 14:11:22 +11:00
dependabot[bot] 133d254ba7
chore(deps): bump the dependencies group across 2 directories with 25 updates (#11516)
* chore(deps): bump the dependencies group across 2 directories with 25 updates

Bumps the dependencies group with 1 update in the /docs directory: [mkdocs-material](https://github.com/squidfunk/mkdocs-material).
Bumps the dependencies group with 24 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [blessed](https://github.com/jquast/blessed) | `1.30.0` | `1.32.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.58` | `1.42.62` |
| [botocore](https://github.com/boto/botocore) | `1.42.58` | `1.42.62` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.5` |
| [icalendar](https://github.com/collective/icalendar) | `7.0.2` | `7.0.3` |
| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.60b1` | `0.61b0` |
| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.60b1` | `0.61b0` |
| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.40.0` |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.60b1` | `0.61b0` |
| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.60b1` | `0.61b0` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.2` | `4.9.4` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.5` | `7.34.0` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [redis](https://github.com/redis/redis-py) | `7.2.1` | `7.3.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.53.0` | `2.54.0` |
| [tinycss2](https://github.com/Kozea/tinycss2) | `1.4.0` | `1.5.1` |
| [tinyhtml5](https://github.com/CourtBouillon/tinyhtml5) | `2.0.0` | `2.1.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.3` | `3.25.0` |
| [identify](https://github.com/pre-commit/identify) | `2.6.16` | `2.6.17` |
| [isort](https://github.com/PyCQA/isort) | `8.0.0` | `8.0.1` |



Updates `mkdocs-material` from 9.7.3 to 9.7.4
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.7.3...9.7.4)

Updates `blessed` from 1.30.0 to 1.32.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/commits)

Updates `boto3` from 1.42.58 to 1.42.62
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.58...1.42.62)

Updates `botocore` from 1.42.58 to 1.42.62
- [Commits](https://github.com/boto/botocore/compare/1.42.58...1.42.62)

Updates `charset-normalizer` from 3.4.4 to 3.4.5
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.5)

Updates `icalendar` from 7.0.2 to 7.0.3
- [Release notes](https://github.com/collective/icalendar/releases)
- [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst)
- [Commits](https://github.com/collective/icalendar/compare/v7.0.2...v7.0.3)

Updates `opentelemetry-exporter-otlp-proto-common` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.40.0)

Updates `opentelemetry-exporter-otlp-proto-grpc` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.40.0)

Updates `opentelemetry-exporter-otlp-proto-http` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.40.0)

Updates `opentelemetry-instrumentation` from 0.60b1 to 0.61b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `opentelemetry-instrumentation-dbapi` from 0.60b1 to 0.61b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `opentelemetry-proto` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.40.0)

Updates `opentelemetry-semantic-conventions` from 0.60b1 to 0.61b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/commits)

Updates `opentelemetry-util-http` from 0.60b1 to 0.61b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `platformdirs` from 4.9.2 to 4.9.4
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/platformdirs/compare/4.9.2...4.9.4)

Updates `protobuf` from 6.33.5 to 7.34.0
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)

Updates `redis` from 7.2.1 to 7.3.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.2.1...v7.3.0)

Updates `sentry-sdk` from 2.53.0 to 2.54.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.53.0...2.54.0)

Updates `tinycss2` from 1.4.0 to 1.5.1
- [Release notes](https://github.com/Kozea/tinycss2/releases)
- [Changelog](https://github.com/Kozea/tinycss2/blob/main/docs/changelog.rst)
- [Commits](https://github.com/Kozea/tinycss2/compare/v1.4.0...v1.5.1)

Updates `tinyhtml5` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/CourtBouillon/tinyhtml5/releases)
- [Changelog](https://github.com/CourtBouillon/tinyhtml5/blob/main/docs/changelog.rst)
- [Commits](https://github.com/CourtBouillon/tinyhtml5/compare/2.0.0...2.1.0)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `filelock` from 3.24.3 to 3.25.0
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/py-filelock/compare/3.24.3...3.25.0)

Updates `identify` from 2.6.16 to 2.6.17
- [Commits](https://github.com/pre-commit/identify/compare/v2.6.16...v2.6.17)

Updates `isort` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PyCQA/isort/compare/8.0.0...8.0.1)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-version: 9.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.62
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.62
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: charset-normalizer
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: icalendar
  dependency-version: 7.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: opentelemetry-exporter-otlp-proto-common
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-exporter-otlp-proto-grpc
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-exporter-otlp-proto-http
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-instrumentation
  dependency-version: 0.61b0
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: opentelemetry-instrumentation-dbapi
  dependency-version: 0.61b0
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: opentelemetry-proto
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-semantic-conventions
  dependency-version: 0.61b0
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: opentelemetry-util-http
  dependency-version: 0.61b0
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: platformdirs
  dependency-version: 4.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: redis
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tinycss2
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tinyhtml5
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: filelock
  dependency-version: 3.25.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: identify
  dependency-version: 2.6.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: isort
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix syle

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-15 07:16:39 +11:00
Matthias Mair 29ac2392db
bump undici (#11526) 2026-03-15 01:25:20 +11:00
Matthias Mair 897e3b9ec6
bump build tooling (#11505) 2026-03-14 22:55:30 +11:00
Jacob Felknor c3cedd25c0
Fix stuck-in-past expiry date filter (#11518)
* fix stuck-in-past expiry date filter

* also fix OVERDUE_FILTER date problem
2026-03-14 22:50:08 +11:00
Oliver 649ff009b9
[CI] Add unit test for large shipment (#11503) 2026-03-14 17:21:25 +11:00
Matthias Mair d7af345e20
refactor(frontend): use central user creds (#11520) 2026-03-14 13:29:46 +11:00
Matthias Mair fda3204e33
fix: low-privilege user token creation (#11492)
* [bug] Users cannot create their own API tokens
Fixes #11486

* fix detection of metadata

* make easier to read

* add handler for IsAuthenticated

* use correct method

* fix style see #11487

* add frontend test

* make test more reliable?
2026-03-14 12:02:49 +11:00
dependabot[bot] c8d41bc207
chore(deps): bump dompurify from 3.2.6 to 3.3.2 in /src/frontend (#11477)
* chore(deps): bump dompurify from 3.2.6 to 3.3.2 in /src/frontend

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.2.6...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-03-13 11:47:58 +11:00
dependabot[bot] 7d739e5927
chore(deps): bump the dependencies group across 1 directory with 4 updates (#11494)
* chore(deps): bump the dependencies group across 1 directory with 4 updates

Bumps the dependencies group with 4 updates in the /src/frontend directory: [@codemirror/view](https://github.com/codemirror/view), [@uiw/codemirror-theme-vscode](https://github.com/uiwjs/react-codemirror), [@playwright/test](https://github.com/microsoft/playwright) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@codemirror/view` from 6.38.2 to 6.39.16
- [Changelog](https://github.com/codemirror/view/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/view/compare/6.38.2...6.39.16)

Updates `@uiw/codemirror-theme-vscode` from 4.25.1 to 4.25.7
- [Release notes](https://github.com/uiwjs/react-codemirror/releases)
- [Commits](https://github.com/uiwjs/react-codemirror/compare/v4.25.1...v4.25.7)

Updates `@playwright/test` from 1.56.0 to 1.58.2
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.56.0...v1.58.2)

Updates `@types/node` from 24.11.0 to 25.3.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@codemirror/view"
  dependency-version: 6.39.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@uiw/codemirror-theme-vscode"
  dependency-version: 4.25.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.58.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@types/node"
  dependency-version: 25.3.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix test

* fix test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-03-13 10:57:53 +11:00
Oliver 6ca102cb5f
Allow bulk edit of stock batch code (#11499)
* Allow bulk edit of stock batch code

Closes https://github.com/inventree/InvenTree/issues/10817

* Bump API version

* Add unit test
2026-03-13 01:23:55 +11:00
github-actions[bot] 98b56e1a49
New Crowdin translations by GitHub Action (#11407)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-12 20:38:18 +11:00
Oliver 1be08e4420
[API] Allow filtering ScheduledTask objects by name (#11497)
* [API] Allow filtering ScheduledTask objects by name

* Bump API version
2026-03-12 18:03:31 +11:00
Oliver 1e2c9ed273
Refactor part.on_order (#11496)
More intelligent DB querying for significant speed improvement
2026-03-12 15:31:44 +11:00
Oliver aafda4bece
[UI] Fix hook deps for BuildOutputTable (#11483)
- Closes https://github.com/inventree/InvenTree/issues/11280
2026-03-12 13:18:22 +11:00
Oliver c292e807b9
Enhance MonitorDataOutput (#11458)
* Enhance MonitorDataOutput

- Optionally pass QueryClient
- Required when running outside of <ApiContext />

* Fix default base URL if not specified

* Remove "allow_null" from Mantine props

* Bump lib version to 0.8.2

* Bump CHANGELOG.md
2026-03-12 12:22:16 +11:00
Matthias Mair f7da51b752
fix style issue from 11485 (#11487)
* fix https://github.com/inventree/InvenTree/pull/11485

* fix style

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-03-12 12:17:06 +11:00
Matthias Mair 57949b69e0
chore(frontend): resolution bump (#11465)
* chore(frontend): resolution bump

* bump nyc

* bump vite-plugin-istanbul

* bump @codecov/vite-plugin

* bump @lingui

* fix typing

* fix tests

* make more robust

* fix @codemirror

* fix another switch

* add more "give" to test

* ifnore demo dataset

* fix assert

* revert test change

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-03-12 12:14:36 +11:00
tigger2000ttfn a964d6682e
fix: wrap create_default_labels in transaction.atomic() savepoint to prevent PostgreSQL transaction abort (#11484)
When the plugin registry reloads during an active HTTP request, 
create_default_labels() raises ValidationError on duplicate template 
inserts. On PostgreSQL this aborts the entire outer atomic() block, 
causing TransactionManagementError on all stock operations in that request.

Fixes #11469

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-03-11 22:21:03 +11:00
Oliver 27809d712a
Copy order params (#11479)
* Copy parameters when duplicating an order

* Add unit test for order parameter duplication

* Bunmp API version

* Fix test reliability

* Disable image fetching for SampleSupplierPlugin

- Allow turning on manually
- Prevent CI issues due to rate limiting

* Revery pypdf.. ???
2026-03-11 19:26:56 +11:00